github/openclaw
1
0
Fork 0
mirror of https://github.com/openclaw/openclaw.git synced 2026-05-07 12:21:24 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix(security): block env depth-overflow approval bypass

Browse Source
This commit is contained in:
Peter Steinberger
2026-02-25 00:13:33 +00:00
parent 1970a1e9e5
commit 57c9a18180
4 changed files with 137 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/infra/exec-approvals.test.ts
View File

@@ -299,6 +299,36 @@ describe("exec approvals command resolution", () => {
expect(allowlistEval.segmentSatisfiedBy).toEqual([null]);
});
it("fails closed when transparent env wrappers exceed unwrap depth", () => {
if (process.platform === "win32") {
return;
}
const dir = makeTempDir();
const binDir = path.join(dir, "bin");
fs.mkdirSync(binDir, { recursive: true });
const envPath = path.join(binDir, "env");
fs.writeFileSync(envPath, "#!/bin/sh\n");
fs.chmodSync(envPath, 0o755);
const analysis = analyzeArgvCommand({
argv: [envPath, envPath, envPath, envPath, envPath, "/bin/sh", "-c", "echo pwned"],
cwd: dir,
env: makePathEnv(binDir),
});
const allowlistEval = evaluateExecAllowlist({
analysis,
allowlist: [{ pattern: envPath }],
safeBins: normalizeSafeBins([]),
cwd: dir,
});
expect(analysis.ok).toBe(true);
expect(analysis.segments[0]?.resolution?.policyBlocked).toBe(true);
expect(analysis.segments[0]?.resolution?.blockedWrapper).toBe("env");
expect(allowlistEval.allowlistSatisfied).toBe(false);
expect(allowlistEval.segmentSatisfiedBy).toEqual([null]);
});
it("unwraps env wrapper with shell inner executable", () => {
const resolution = resolveCommandResolutionFromArgv(["/usr/bin/env", "bash", "-lc", "echo hi"]);
expect(resolution?.rawExecutable).toBe("bash");

11
src/infra/exec-wrapper-resolution.ts
View File

@@ -478,6 +478,17 @@ export function resolveDispatchWrapperExecutionPlan(
}
current = unwrap.argv;
}
if (wrappers.length >= maxDepth) {
const overflow = unwrapKnownDispatchWrapperInvocation(current);
if (overflow.kind === "blocked" || overflow.kind === "unwrapped") {
return {
argv: current,
wrappers,
policyBlocked: true,
blockedWrapper: overflow.wrapper,
};
}
}
return { argv: current, wrappers, policyBlocked: false };
}